THIRD PARTY AND SUPPLY CHAIN THREAT VECTORS Flashcards
Third party
Includes vendors, managed services providers, business partners, consultants, contractors.
Supply chain
Entire ecosystem of organizations, processes, people and resources involved in providing a product or service.
Represents steps to get product from inception to end user.
Challenge: the organization does not have a direct relationship or communication with supply chain providers and is dependent upon vendors to have those relationships.
System sprawl
Used to describe unmanaged growth. Is often a result of non-standardization and/or decentralization. Multiple vendors, incompatible platforms, unmanaged growth. Impact: inability to enforce security requirements.
Response: proper configuration management
EOS - end of support
Last date to receive applicable service and support
Dependency
This is the state of relying on or being controlled by someone
Non-conformance
Not fulfilling requirements of policies, unauthorized changes, untested product, implementation, missing critical documents.
EOL - end of life
Threat vector. This is the state when the product, service or subscription is determined to be obsolete. Causes vulnerabilities; can be opportunistic attack targets.
SLA - service level agreement
Agreement to codify service and support agreements
ISA - interconnection security agreement
Document that regulates security-relevant aspects of an intended connection between an agency and an external system. It also documents technical requirements and responsibilities.
Disruption
Interruption of normal business operations due to cyber attack or data breach
Fourth party
Vendors that are vendors for third parties
Inherent risk in 3rd parties
Threat vectors which manifest risk to the organization. Consequences can be: financial loss, reputation,
Supply chain dependency
Relying only on one vendor